{"schema_version": "1.7.0", "id": "RLSA-2026:27354", "modified": "2026-06-22T06:04:29.313444Z", "published": "2026-06-22T06:00:57.876785Z", "upstream": ["CVE-2026-31419", "CVE-2026-31488", "CVE-2026-43056", "CVE-2026-43279", "CVE-2026-46090", "CVE-2026-46135", "CVE-2026-46145", "CVE-2026-46331"], "summary": "Important: kernel-rt security, bug fix, and enhancement update", "details": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service (CVE-2026-31419)\n\n* kernel: drm/amd/display: Do not skip unrelated mode changes in DSC validation (CVE-2026-31488)\n\n* kernel: net: mana: fix use-after-free in add_adev() error path (CVE-2026-43056)\n\n* kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing (CVE-2026-43279)\n\n* kernel: net/sched: act_pedit: extend the writable skb range per key (CVE-2026-46331)\n\n* kernel: ALSA: aloop: Fix peer runtime UAF during format-change stop (CVE-2026-46090)\n\n* kernel: RDMA/mana: Validate rx_hash_key_len (CVE-2026-46145)\n\n* kernel: nvmet-tcp: fix race between ICReq handling and queue teardown (CVE-2026-46135)\n\nBug Fix(es) and Enhancement(s):\n\n* Rocky Linux8 RT kernel panic in replenish_dl_entity() caused by stale DEADLINE PI state during rt_mutex de-boosting (JIRA:Rocky Linux-178520)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}], "affected": [{"package": {"ecosystem": "Rocky Linux:8", "name": "kernel-rt", "purl": "pkg:rpm/rocky-linux/kernel-rt?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:4.18.0-553.136.1.rt7.477.el8_10"}], "database_specific": {"yum_repository": "NFV"}}]}], "references": [{"type": "ADVISORY", "url": "https://errata.rockylinux.org/RLSA-2026:27354"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457829"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460619"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464449"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467215"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479492"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481980"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482581"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482654"}], "credits": [{"name": "Rocky Enterprise Software Foundation"}, {"name": "Red Hat"}]}